The Wi-Fi Alliance defines three modes of operation for WPA3-Enterprise:
- WPA3-Enterprise only
- WPA3-Enterprise transition mode
- WPA3-Enterprise 192-bit mode
Specifications
WPA3-Enterprise Only
Here are the important specifications:
- An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256)
- An AP and STA shall not allow AKM suite 00-0F-AC:1 (IEEE 802.1X with SHA-1)
- An AP and STA support and use MFP (Management Frame Protection)
- A STA shall not enable WEP and TKIP
WPA3-Enterprise Transition
Here are the important specifications:
- An AP and STA shall enable at least AKM suite 00-0F-AC:5 (IEEE 802.1X with SHA-256) and 00-0F-AC:1 (IEEE 802.1X with SHA-1)
- An AP and STA must support MFP
WPA3-Enterprise 192-bit
Here are the important specifications:
- PMF must be required by both the AP and STA
- Only a limited set of EAP cipher suites is allowed:
  - TLS ECDHE ECDSA with AES 256 GCM SHA384
  - TLS ECDHE RSA with AES 256 GCM SHA384
  - TLS DHE RSA with AES 256 GCM SHA384
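The AKM and MFP rules above can be checked against the RSN element an AP advertises. The following is an added example, not code from the original page or from the Wi-Fi Alliance: it parses an RSN element body and reports which mode it matches. Assumptions: "support and use MFP" is read as the MFPR bit set, "must support MFP" as the MFPC bit set, 192-bit mode is recognised by AKM suite 00-0F-AC:12 (not listed on the page), and the sample elements are constructed.

```python
import struct

OUI = bytes.fromhex("000fac")  # the 00-0F-AC prefix of the AKM suites listed above
MFPR, MFPC = 0x0040, 0x0080    # RSN Capabilities bits: MFP required / MFP capable

def parse_rsn(body: bytes):
    """Parse an RSN element body (the bytes after element ID 48 and length).
    Returns (set of 00-0F-AC AKM suite types, RSN Capabilities field)."""
    try:
        version, = struct.unpack_from("<H", body, 0)
        off = 2 + 4                               # version + group data cipher suite
        n_pairwise, = struct.unpack_from("<H", body, off)
        off += 2 + 4 * n_pairwise                 # skip the pairwise cipher list
        n_akm, = struct.unpack_from("<H", body, off)
        off += 2
        suites = [body[off + 4 * i: off + 4 * i + 4] for i in range(n_akm)]
        off += 4 * n_akm
        caps, = struct.unpack_from("<H", body, off)
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    if version != 1:
        raise ValueError("unsupported RSN version")
    return {s[3] for s in suites if s[:3] == OUI}, caps

def classify(body: bytes) -> str:
    """Map the advertised AKM suites and MFP bits to a WPA3-Enterprise mode."""
    akms, caps = parse_rsn(body)
    if 12 in akms and caps & MFPR:        # assumption: 00-0F-AC:12 is not on the page
        return "WPA3-Enterprise 192-bit"
    if 5 in akms and 1 not in akms and caps & MFPR:
        return "WPA3-Enterprise only"     # SHA-256 AKM, SHA-1 AKM absent, MFP required
    if {1, 5} <= akms and caps & MFPC:
        return "WPA3-Enterprise transition"  # both AKMs offered, MFP supported
    return "not WPA3-Enterprise"

def build_rsn(akm_types, caps, cipher=4):
    """Constructed sample element body; cipher 4 = CCMP-128, 9 = GCMP-256."""
    suite = OUI + bytes([cipher])
    akm = b"".join(OUI + bytes([t]) for t in akm_types)
    return (struct.pack("<H", 1) + suite + struct.pack("<H", 1) + suite
            + struct.pack("<H", len(akm_types)) + akm + struct.pack("<H", caps))

if __name__ == "__main__":
    for label, body in [("only", build_rsn([5], MFPC | MFPR)),
                        ("transition", build_rsn([1, 5], MFPC)),
                        ("192-bit", build_rsn([12], MFPC | MFPR, cipher=9)),
                        ("WPA2-Enterprise", build_rsn([1], 0))]:
        print(f"{label:16} -> {classify(body)}")
```

An SSID that classifies as transition still accepts the SHA-1 AKM, so an audit of a network meant to be WPA3-Enterprise only should flag it.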
Beacon Frames
WPA3-Enterprise Only
WPA3-Enterprise Transition
Comparison between WPA3-Enterprise and WPA3-Enterprise Transition mode:
Resources
- Wi-Fi Alliance WPA3 Specifications → https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.1.pdf
- WPA3 Enterprise by Rasika (mrncciew) → https://mrncciew.com/2020/08/17/wpa3-enterprise/
- Configure JumpStart for Mist → https://www.mist.com/documentation/jumpcloud-for-radius/